- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Sep 2023 18:45:36 +0000
- To: public-webauthn@w3.org
Would anything in this proposal potentially blow up if we ended up in a future state where passkey providers offered users an option, entirely outside of the browser, to **not** silently register passkeys? That is, we'd have something like this: - User turns off "allow sites to silently create passkeys" in their passkey provider _[A few hours later]_ - RP sets up conditional creation with `conditionalCreate` extension - User logs in with username + password - Browser attempts to silently register a passkey - Passkey provider says "nope" - ??? Just trying to think ahead a bit, about potential controls that passkey providers might offer users (outside the influence of ostensibly user-centric WebAuthn) that would potentially clash with RP-friendly features like this one. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1951#issuecomment-1708909845 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 6 September 2023 18:45:39 UTC